Imagine this: An AI agent scans your site, finds a hidden input field, injects malicious code, and exfiltrates data—no human coder involved.
That just happened.
Researchers at the University of Illinois gave a GPT-4 agent an objective: hack a live website. Using only natural language, the agent found a vulnerability, bypassed basic protections, and accessed restricted data.
Fully autonomously. With no special tuning. And no coding help.
We’re entering the era of agentic hacking. Not “attacks on AI agents” (although those will persist) but attacks by AI agents themselves.
The best tech always attracts the best builders—and the worst actors, who are automating adversarial reasoning to build agents that are self-directed, context-aware, and frightfully adaptive.
The pitch decks say “AI assistants.” Meanwhile, AI threat models are already predicting the next moves of agentic attackers.
Web3 won’t stop agent-powered attacks. But it might help contain them, through auditable compute, on-chain rate limits, smart-contract-enforced access controls, and transparent agent registries.
Agentic attacks are not sci-fi. They’re operational.
@Quantstamp @carbonb1ack